In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://advisory.splunk.com/advisories/SVD-2024-1201 |
History
Tue, 10 Dec 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 10 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control. | |
Title | Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Splunk
Published: 2024-12-10T18:00:49.236Z
Updated: 2024-12-10T21:13:54.950Z
Reserved: 2024-11-19T18:30:28.773Z
Link: CVE-2024-53243
Vulnrichment
Updated: 2024-12-10T20:40:39.777Z
NVD
Status : Received
Published: 2024-12-10T18:15:41.093
Modified: 2024-12-10T18:15:41.093
Link: CVE-2024-53243
Redhat
No data.